Greenfield API: Create User

Slightly big PR because I started refactoring to reduce code duplication between the UI-based business logic and the API one.
Kukks
2020-03-13 11:47:22 +01:00
parent c85fb3e89f
commit e99767c7e2
16 changed files with 282 additions and 22 deletions


@@ -29,6 +29,13 @@ namespace BTCPayServer.Security.APIKeys
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
PolicyRequirement requirement)
{
//if it is a create user request, and the auth is not specified, and there are no admins in the system: authorize
if (context.User.Identity.AuthenticationType == null && requirement.Policy == Policies.CanCreateUser.Key &&
!(await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Any())
{
context.Succeed(requirement);
}
if (context.User.Identity.AuthenticationType != APIKeyConstants.AuthenticationType)
return;
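Review bot: The anonymous bootstrap grant at `context.Succeed(requirement)` rests on a "no server admin exists" check made at authorization time, and nothing in this hunk ties that check to the later user creation. Two unauthenticated requests arriving together could both be authorized before either account exists, so the create-user action (not visible here) should re-check the admin count when it writes the user, rather than trusting the handler's answer. I would also add `return;` right after `context.Succeed(requirement);` so the grant path exits explicitly instead of relying on the following `AuthenticationType != APIKeyConstants.AuthenticationType` test. Because this is the only path that succeeds without credentials, a log entry when it fires would help auditing. The body of HandleRequirementAsync continues outside the hunk.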
@@ -67,6 +74,7 @@ namespace BTCPayServer.Security.APIKeys
}
break;
case Policies.CanCreateUser.Key:
case Policies.CanModifyServerSettings.Key:
if (!context.HasPermissions(Permissions.ServerManagement))
break;